Are you puzzled about whether you qualify as a "small health plan" under HIPAA? Thanks to a modified definition provided by the Center for Medicare & Medicaid Services, any anxiety over where you fit in with HIPAA should be a thing of the past. CMS has issued more guidance on the vexing and high-stakes question of what it takes to qualify as a "small health plan" under the Health Insurance Portability and Accountability Act privacy regulation. The guidance part of the HIPAA frequently asked questions section of its Web site appears in a revamped response to the question "How should a health plan determine what receipts to use to decide whether it qualifies as a 'small health plan.'" Plans that qualify as "small" get an extra year to comply with the privacy rule, making the question an extremely important one and CMS' earlier response to the question generated controversy among HIPAA experts. In the revised response, CMS notes that a "small health plan" is defined as one whose annual receipts are $5 million or less. The agency then cites guidelines promulgated by the Small Business Administration to clarify the complicated issue of what types of receipts should be counted toward the total. The agency also provides new, albeit limited, HIPAA guidance to two newly added entries to the FAQ page. In the responses posted Sept. 18 the agency makes the following points: First, "premiums or amounts paid for stop-loss insurance by an employer or sponsor of a self insured plan should not be included in the amount of receipts."
Second, the Small Business Administration's recent decision to define a small business as an organization that brings in less than $6 million in receipts per year rather than $5 million, as was previously the case has no effect on the HIPAA definition of a small health plan. A small health plan remains one whose receipts are less than $5 million.